| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.12.2012, 09:18
| #1 |
 |  Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hallo, ich habe schon wieder einen Trojaner Angriff, anbei das Logfile. Bitte um Unterstützung und Hinweise wie die nächsten Schritte sein sollen. Vielen Dank. 7hofer Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.21.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Christian :: CHRISTIAN-PC [Administrator] 21.12.2012 09:00:28 mbam-log-2012-12-21 (09-00-28).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 232090 Laufzeit: 8 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\Silvia\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
21.12.2012, 13:00
| #2 |
| /// Malware-holic   | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
21.12.2012, 17:03
| #3 |
| | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hallo,
__________________danke f Info, anbei die Reports lg 7hofer Hier OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 21.12.2012 16:29:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1,74 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 33,37% Memory free
3,48 Gb Paging File | 1,73 Gb Available in Paging File | 49,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 141,65 Gb Free Space | 49,70% Space Free | Partition Type: NTFS
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2012.12.21 16:26:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Downloads\OTL(1).exe
PRC - [2012.12.11 18:31:33 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 18:31:20 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.11 18:31:20 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.26 11:24:58 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.05 16:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.01 15:40:04 | 001,053,056 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011.10.27 10:33:32 | 000,148,016 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011.10.27 10:33:14 | 000,151,088 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.10.20 12:52:41 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.08.23 09:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010.08.10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.06.28 23:22:46 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.05.20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 17:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2010.02.09 19:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.09.02 08:44:22 | 000,315,478 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2009.09.02 08:41:24 | 001,466,476 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2009.07.13 22:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
========== Modules (No Company Name) ==========
MOD - [2012.11.14 10:25:38 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\87cabb0fdab32b869f1b180d10336ee0\IAStorUtil.ni.dll
MOD - [2012.11.14 10:19:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.14 10:18:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.14 10:18:40 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.14 10:18:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.11.14 10:18:22 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.14 10:18:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.14 10:18:17 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.14 10:18:10 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011.11.01 15:42:14 | 000,392,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2011.11.01 15:42:12 | 000,058,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2011.11.01 15:42:08 | 000,095,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2011.11.01 15:42:06 | 000,272,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2011.11.01 15:41:38 | 000,165,248 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll
MOD - [2011.11.01 15:41:36 | 000,384,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll
MOD - [2011.11.01 15:41:34 | 002,557,312 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2011.11.01 15:41:32 | 000,346,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2011.11.01 15:41:30 | 010,843,520 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2011.11.01 15:41:24 | 000,196,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2011.11.01 15:41:22 | 001,294,208 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2011.11.01 15:41:20 | 000,682,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2011.11.01 15:41:18 | 000,919,936 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2011.11.01 15:41:16 | 000,517,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2011.11.01 15:41:14 | 008,172,928 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2011.11.01 15:41:12 | 002,252,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2011.11.01 15:41:10 | 002,288,512 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2011.11.01 15:41:06 | 000,422,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2011.11.01 15:40:56 | 000,202,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
MOD - [2011.11.01 15:40:54 | 000,034,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
MOD - [2011.11.01 15:40:52 | 000,032,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
MOD - [2011.11.01 15:40:08 | 000,388,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll
MOD - [2011.11.01 15:40:00 | 000,438,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2011.11.01 15:39:36 | 001,041,792 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll
MOD - [2011.11.01 15:39:06 | 000,740,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2011.11.01 14:57:42 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.10.20 12:52:41 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2010.06.28 23:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
========== Services (SafeList) ==========
SRV - [2012.12.11 19:39:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.11 18:31:33 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 18:31:20 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.26 11:24:58 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.08.07 12:21:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.10.08 21:24:28 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.11 13:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.05.20 15:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.09.02 08:46:18 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009.09.02 08:41:24 | 001,466,476 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009.07.13 22:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.12.11 18:31:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 18:31:39 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.16 12:02:21 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.11.16 12:02:17 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2011.11.16 12:02:17 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.17 12:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 12:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 12:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 12:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.17 20:27:49 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.02.17 20:27:49 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.02.17 20:27:49 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.02.17 20:27:49 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.02.17 20:27:49 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.01.03 09:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.01.03 09:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.01.03 09:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.08.25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.07.21 16:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010.06.21 10:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.06.03 20:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010.05.07 05:34:48 | 000,032,256 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2010.04.28 07:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.28 07:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.27 00:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\67230212.sys -- (67230212)
DRV:64bit: - [2009.10.22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\48158582.sys -- (48158582)
DRV:64bit: - [2009.10.22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\41502502.sys -- (41502502)
DRV:64bit: - [2009.10.22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\10158242.sys -- (10158242)
DRV:64bit: - [2009.10.09 22:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\4815858.sys -- (setup_9.0.0.722_04.07.2012_12-35drv)
DRV:64bit: - [2009.09.25 16:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\67230211.sys -- (67230211)
DRV:64bit: - [2009.09.25 16:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\48158581.sys -- (48158581)
DRV:64bit: - [2009.09.25 16:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\41502501.sys -- (41502501)
DRV:64bit: - [2009.09.25 16:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\10158241.sys -- (10158241)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.28 15:05:00 | 000,043,912 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VCommMgr.sys -- (VcommMgr)
DRV:64bit: - [2009.08.28 15:04:44 | 000,047,880 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2009.08.26 10:18:20 | 000,034,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009.08.26 10:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009.08.26 10:16:44 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009.08.26 10:16:20 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 13:02:44 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2009.06.17 13:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.11.08 10:29:22 | 000,527,872 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.06.17 13:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.11.08 10:30:08 | 000,454,656 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PAC7302.sys -- (PAC7302)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_6.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_6.0 [2011.12.18 18:11:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Christian\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.07 12:21:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.02 20:39:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2011.05.22 14:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.11.15 20:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\wm32e4ew.default\extensions
[2012.07.11 05:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.07 12:21:34 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2507537638-1687071285-4268118958-1001..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E5DF62D-267D-49EA-973C-16C3D99FC23A}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.12.21 16:08:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.21 15:39:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.21 15:37:53 | 000,005,052 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012.12.21 15:37:41 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2012.12.21 15:37:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.21 09:37:49 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.21 09:28:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 09:28:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 09:21:22 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2012.12.21 09:21:18 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.12.21 09:21:17 | 000,000,921 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2012.12.21 09:21:10 | 1401,978,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.21 08:58:21 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.21 07:41:21 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.21 07:41:21 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.21 07:41:21 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.21 07:41:21 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.21 07:41:20 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.20 08:41:39 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2012.12.20 08:41:23 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2012.12.13 09:59:06 | 000,318,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.11 18:31:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.11 18:31:39 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.29 07:15:52 | 000,000,104 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012.11.26 11:24:58 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.05.22 19:04:07 | 000,000,257 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2012.05.22 19:03:48 | 000,000,130 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2012.05.22 18:41:45 | 000,005,052 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2012.05.22 18:41:36 | 000,000,104 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2012.05.22 18:41:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2012.02.14 20:56:54 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.02.14 20:53:08 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.20 09:22:32 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe
[2011.11.07 19:45:32 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2011.11.07 19:24:34 | 000,006,144 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.25 17:52:37 | 000,000,291 | ---- | C] () -- C:\Windows\SysWow64\Remover.ini
[2011.03.25 17:52:32 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.ini
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.01.01 10:26:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.09.28 19:52:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Azureus
[2011.05.20 16:03:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canneverbe_Limited
[2012.02.12 10:46:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canon
[2012.03.25 10:48:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DesktopIconForAmazon
[2012.03.25 10:50:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2012.04.14 13:28:19 | 000,000,000 | -H-D | M] -- C:\Users\Christian\AppData\Roaming\IFViewer
[2011.08.06 08:53:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nikon
[2010.12.29 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2012.02.19 19:23:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OTRHomeloader
[2011.12.18 18:12:58 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite
[2012.02.19 19:22:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Raptr
[2011.06.04 09:16:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung
[2012.02.19 19:21:18 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Shareaza
[2012.12.20 19:59:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client
[2011.11.19 20:30:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Thunderbird
[2010.12.05 19:29:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP
[2011.06.15 17:35:06 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\Amazon
[2011.12.23 09:44:51 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\Canneverbe_Limited
[2012.02.12 10:22:23 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\Canon
[2012.12.14 19:25:28 | 000,000,000 | -H-D | M] -- C:\Users\Silvia\AppData\Roaming\IFViewer
[2010.12.24 10:07:44 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\OpenOffice.org
[2011.12.19 01:18:33 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\PC Suite
[2011.06.04 09:07:15 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\Samsung
[2012.12.15 21:50:10 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\SoftGrid Client
[2011.11.20 14:54:19 | 000,000,000 | ---D | M] -- C:\Users\Silvia\AppData\Roaming\Thunderbird
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2010.12.19 12:26:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.10.20 12:47:17 | 000,000,000 | ---D | M] -- C:\book
[2012.12.04 19:14:46 | 000,000,000 | R--D | M] -- C:\Daten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.05 18:14:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.07.03 21:04:56 | 000,000,000 | -HSD | M] -- C:\found.000
[2010.10.20 12:42:45 | 000,000,000 | ---D | M] -- C:\Intel
[2011.07.26 19:58:20 | 000,000,000 | ---D | M] -- C:\Mama Baby Yoga
[2011.01.12 18:56:06 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.12.05 18:15:43 | 000,000,000 | -H-D | M] -- C:\OEM
[2011.11.12 19:39:48 | 000,000,000 | ---D | M] -- C:\OTR_Homeloader
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.09.28 19:47:02 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.18 18:32:56 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.21 09:11:50 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.12.05 18:14:18 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.12.05 18:14:18 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.21 16:32:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.06 08:53:43 | 000,000,000 | ---D | M] -- C:\Temp
[2010.12.05 19:36:07 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.18 08:25:15 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.22 09:29:37 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.05.22 09:29:43 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.07.12 05:24:15 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< MD5 for: AGP440.SYS >
[2003.06.19 12:05:04 | 006,586,449 | ---- | M] () .cab file -- C:\Daten\Downloads Updates\W2K-SP\SP4\i386\new\sp4.cab:AGP440.sys
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\Daten\Windws XP\VRMHOEM_DE (E)\I386\sp2.cab:AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2003.06.19 12:05:04 | 006,586,449 | ---- | M] () .cab file -- C:\Daten\Downloads Updates\W2K-SP\SP4\i386\new\sp4.cab:atapi.sys
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\Daten\Windws XP\VRMHOEM_DE (E)\I386\sp2.cab:atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.07.17 20:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.07.17 20:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.07.17 20:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.07.17 20:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTOR.SYS >
[2010.04.13 02:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010.04.13 02:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2012.11.14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %USERPROFILE%\*.* >
[2012.12.21 16:30:40 | 002,621,440 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT
[2012.12.21 16:30:40 | 000,262,144 | -HS- | M] () -- C:\Users\Christian\ntuser.dat.LOG1
[2010.12.05 18:14:29 | 000,000,000 | -HS- | M] () -- C:\Users\Christian\ntuser.dat.LOG2
[2010.12.05 19:33:46 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.12.05 19:33:46 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.12.05 19:33:46 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.12.06 20:41:43 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{8c7ffd1c-39eb-11e2-80ad-1c75082067df}.TM.blf
[2012.12.06 20:41:43 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{8c7ffd1c-39eb-11e2-80ad-1c75082067df}.TMContainer00000000000000000001.regtrans-ms
[2012.12.06 20:41:43 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{8c7ffd1c-39eb-11e2-80ad-1c75082067df}.TMContainer00000000000000000002.regtrans-ms
[2010.12.05 18:14:29 | 000,000,020 | -HS- | M] () -- C:\Users\Christian\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 16 bytes -> C:\Users\Christian\Downloads:Shareaza.GUID
< End of report >
Hier Extras.txtOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.12.2012 16:29:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1,74 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 33,37% Memory free
3,48 Gb Paging File | 1,73 Gb Available in Paging File | 49,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 141,65 Gb Free Space | 49,70% Space Free | Partition Type: NTFS
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [BIPA FotoShop] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [BIPA FotoShop] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD790EF-2DDC-4068-AC03-B3A3B9292EAC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13991415-1E33-40B5-A5A3-7E3F8F45AB00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D5390CA-20ED-4481-BDBD-6CC7BB59AEB3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{286E7B4E-69F1-4BA4-A671-D2538D70B518}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42334138-3E39-4B12-ACE3-EC9AB1FC1E79}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{445B76E0-FCEC-4479-92C5-9E4083C9EFED}" = lport=139 | protocol=6 | dir=in | app=system |
"{48EB0A2C-765A-4472-AC9B-626340148FEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5990584A-4395-4BE5-8A18-F046BAD6D57B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5FB56791-F147-4717-A6A3-64CDF0AA41CC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{614E6890-8161-4697-A5C8-72DCD79770B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7839B887-F2ED-4170-972B-9537A0A04DEB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7CDFA63A-B015-4DFB-A2B4-043589FA95BE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7E29DACC-CC86-4F1A-B089-750AB137B126}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8BC1815D-AA6E-4CFD-B894-9A72D0D6B054}" = rport=138 | protocol=17 | dir=out | app=system |
"{8BFD48F1-E7BF-49C7-8B63-A4FF12644EAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9C421926-B551-410B-A5D4-B15178460F03}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9FAD934C-BB33-45C3-BE11-EB8A432FC26E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A15C63C0-845A-417E-865E-84C8CB152C5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABF7A424-72B7-449F-A93D-289FFC3EDA4B}" = rport=445 | protocol=6 | dir=out | app=system |
"{B2F4F3AE-9456-4E5B-BFD6-4A06FDFA17D6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B30504D5-951F-4E2F-B013-392DBC289705}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B90AC9D3-06B5-44B1-BCCE-6640D9028536}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B97B6158-A03C-4ED6-9C73-20646C26C5F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1D40700-D840-474C-8A3A-5E9A94CE3027}" = rport=2869 | protocol=6 | dir=out | app=system |
"{CA298E24-1CC4-4FC0-BD48-9CB133E7D796}" = rport=137 | protocol=17 | dir=out | app=system |
"{CAC23833-9F85-4620-B132-1DB02167ED04}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D3426097-24B2-42DA-A89F-765E97FF5EEA}" = lport=137 | protocol=17 | dir=in | app=system |
"{D6CF4958-B84C-439F-A57C-1868FD8F01B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{E3F546AC-BC10-476C-AB24-44617BC346BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF4413C1-8411-4932-B4B0-7F83FAA3A270}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F01740A7-A0DC-40F8-95BF-7A20C2EB4EAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F46660AD-A8E4-4F87-B195-2F52E304C2EB}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD4AEC0A-876D-4475-9ACE-3BBA7A7D31AA}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009DF56D-4A16-4009-A7F5-331783310AF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{065D519E-E63A-4625-8454-A55E00270EC3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{11F06A87-94D9-4926-9EDB-3C53FDD45D4D}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{191875FD-78C0-461D-9DFD-F1CA302C8444}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{26FAE724-938A-47BF-9A7A-C7C4AEC4AD9B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D11F0DA-0799-4286-9CC3-E710012C496A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{37E51E10-1C32-4CA6-83D3-A43B6858BF44}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3A449249-DAB7-4E01-8410-862EA7B5A910}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CEADE94-D37C-4F06-9E4B-76C681B39E0E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{43414E30-04A0-4EF9-87F8-B0A8EA8DFC43}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{443D0454-4C13-4E82-B3E4-CDAA23DF4267}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{5AE1440B-642E-43FD-B3B3-7C4A59710E96}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E39E178-4878-4EF8-A4E5-9F48D7308F9D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6F6B843D-885C-47C5-94E5-83C1048842AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7341E768-2C4E-483B-90FC-007F85CE760F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{771D838B-C5B8-4AC9-9308-CDB09666E372}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7805A050-5A01-4018-99FD-022A15170AF3}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{7D0C6669-F3C7-4333-AD1C-889945B795E3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{811C12C6-0229-40EF-AF9F-7E03ABDFE630}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{84C02EEA-8489-49AA-B57A-1B2950903A90}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{8AF9C39E-B7D9-4383-A81F-C25D99FA37B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{91B5B626-B8B3-4500-86EE-0FE89C290999}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{9454C8F3-8CB4-490F-A872-783D848E39E8}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{974DD789-2D8E-4C5A-9132-A4AA546870AC}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{9ABA65E3-1CD8-483B-B733-0353DB01CD8C}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{A1A2095E-90FC-4669-914C-A0BFF3E16FC0}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{A55F68C2-A5E2-445F-8602-966319D3C3F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A7C06B0A-A9EB-4F2C-AC64-01E79925702F}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AC7263DA-EEEE-4583-BF96-E9537F0D4455}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AE97F96F-F285-4421-B9DF-D35970099D46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B88B30D9-5622-44C2-87DA-BF0108829385}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{BDC82E16-883B-4289-83A0-42C9E827AF43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1899478-9A7A-48F3-927F-11BF73E64786}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{C5152F18-E1A9-4A14-97E2-28B5E27BC92B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5DC4301-1A7F-495E-AF2D-1AC40B292ACC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C65AD487-126D-4074-8FFD-104CE188E15F}" = protocol=6 | dir=out | app=system |
"{C7E6ED46-5915-41B7-ACE6-B43A1779E474}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4D3A775-FA87-45CF-90AE-4F76756D1359}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D509669D-22E5-4D4A-A3E6-EC323C91006F}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{D72C4812-8024-4BCF-9326-1AE6F21F6399}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D894C31E-960C-44CC-AC65-8C911F8FC048}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{DEDB0D45-07D0-4993-8CD9-FE285771384F}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{DF2474EE-3D23-452E-9CAA-CE962FEBD2C1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E008DA0A-0622-49AA-A2AE-89FF857555A6}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{E257E36E-83FD-4264-856D-93F3C391E48C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E625D6F4-A76A-4644-98D5-15EE1E7DB4C8}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{EEB4D396-481C-4C8D-B69D-F052F2E3E630}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F2C24AB8-222A-4FE3-81AB-E965EB168206}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{F333DE8B-235C-4899-8EC8-4C02DC11F701}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F591841E-CE22-4638-B364-C2E3CD456490}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{F9F70380-27A1-4BC8-8890-BB75BE7DFCFB}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{FD4AA467-89E2-4A65-9EC9-9729AF99485A}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"TCP Query User{6FAF0D24-BA67-4014-85B0-0DD3C535191B}C:\program files (x86)\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"TCP Query User{AC6BF546-4407-473B-91CD-A13A22D6F7C1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B1F21404-5D2B-4A12-BC76-935AF6F14B3A}C:\program files (x86)\serviio\bin\serviioconsole.exe" = protocol=6 | dir=in | app=c:\program files (x86)\serviio\bin\serviioconsole.exe |
"TCP Query User{EB838B2C-1EE8-41F6-BB84-F50676A5CB63}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F0F4C76D-FFDD-4915-B383-4455F96FBBBF}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{0575CC21-726B-4213-9C76-648DCAD68FB0}C:\program files (x86)\serviio\bin\serviioconsole.exe" = protocol=17 | dir=in | app=c:\program files (x86)\serviio\bin\serviioconsole.exe |
"UDP Query User{2F96A84A-E628-42EC-BC27-AE86138173A6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{5F9233A3-8B4C-45B5-9183-9AE1F8F30C10}C:\program files (x86)\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"UDP Query User{718E8EB5-8FCB-4D8A-890B-AD1AF6055B65}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{AEF6B77B-82ED-4E3F-B587-2EAEA1E7992D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBAB883-0BEE-4744-8062-281B213ADC1E}" = Bluesoleil 5.4.277.0
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C43709D-713C-46C3-97CC-5B31F09ACA5E}_is1" = Deutschland Patente PDF Downloader Trial 1.5
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4767A89A-F6A5-41B1-903C-734483739882}" = Breitband-Internet-Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{7BE7D8A6-8DBC-4171-A4B6-C082A451A906}" = Audials
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = CANYON USB PC CAMERA
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B2920232-19DA-44FC-835F-68E427EAE2CE}" = Telescope Driver
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.192.810
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"aonUpdate" = aonUpdate
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BIPA FotoShop" = BIPA FotoShop
"Breitband-Internet-Installation" = Breitband-Internet-Installation
"Canon MP640 series Benutzerregistrierung" = Canon MP640 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CDex" = CDex extraction audio
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"eBay Icon" = eBay Icon
"FormatFactory" = FormatFactory 2.20
"Guitar Explorer 1.0" = Guitar Explorer 1.0
"Guitar Explorer 1.1" = Guitar Explorer 1.1
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Nikon FotoShare" = Nikon FotoShare
"Nokia Suite" = Nokia Suite
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Picasa 3" = Picasa 3
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.11.2012 14:40:26 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 23.11.2012 14:47:04 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 23.11.2012 14:47:41 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 23.11.2012 14:47:56 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 23.11.2012 14:50:25 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 23.11.2012 14:56:16 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 24.11.2012 18:35:31 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 24.11.2012 19:34:29 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 28.11.2012 13:14:13 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 28.11.2012 13:17:45 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
[ Media Center Events ]
Error - 20.02.2011 06:16:54 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 11:16:54 - Fehler beim Herstellen der Internetverbindung. 11:16:54
- Serververbindung konnte nicht hergestellt werden..
Error - 20.02.2011 06:17:07 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 11:17:00 - Fehler beim Herstellen der Internetverbindung. 11:17:00
- Serververbindung konnte nicht hergestellt werden..
Error - 24.02.2011 09:39:18 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 14:39:18 - Fehler beim Herstellen der Internetverbindung. 14:39:18
- Serververbindung konnte nicht hergestellt werden..
Error - 24.02.2011 09:39:32 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 14:39:24 - Fehler beim Herstellen der Internetverbindung. 14:39:24
- Serververbindung konnte nicht hergestellt werden..
Error - 05.03.2011 03:31:55 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 08:31:55 - Fehler beim Herstellen der Internetverbindung. 08:31:55
- Serververbindung konnte nicht hergestellt werden..
Error - 05.03.2011 03:32:08 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 08:32:00 - Fehler beim Herstellen der Internetverbindung. 08:32:00
- Serververbindung konnte nicht hergestellt werden..
Error - 14.03.2011 02:37:25 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 07:37:25 - Fehler beim Herstellen der Internetverbindung. 07:37:25
- Serververbindung konnte nicht hergestellt werden..
Error - 14.03.2011 02:37:35 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 07:37:31 - Fehler beim Herstellen der Internetverbindung. 07:37:31
- Serververbindung konnte nicht hergestellt werden..
Error - 29.03.2011 04:03:27 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 10:03:27 - Fehler beim Herstellen der Internetverbindung. 10:03:27
- Serververbindung konnte nicht hergestellt werden..
Error - 29.03.2011 04:03:38 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 10:03:32 - Fehler beim Herstellen der Internetverbindung. 10:03:32
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 15.12.2012 10:51:05 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description =
Error - 15.12.2012 14:49:37 | Computer Name = Christian-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 16.12.2012 02:47:43 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description =
Error - 16.12.2012 11:17:23 | Computer Name = Christian-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 17.12.2012 02:47:14 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description =
Error - 17.12.2012 12:33:28 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 19.12.2012 03:32:48 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 20.12.2012 03:41:32 | Computer Name = Christian-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?12.?2012 um 23:26:26 unerwartet heruntergefahren.
Error - 20.12.2012 03:49:08 | Computer Name = Christian-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?12.?2012 um 08:47:26 unerwartet heruntergefahren.
Error - 20.12.2012 12:03:36 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
< End of report >
|
|
21.12.2012, 17:06
| #4 |
| | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hier Extras.txt Danke f weitere Infos. lg 7hofer OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.12.2012 16:29:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1,74 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 33,37% Memory free
3,48 Gb Paging File | 1,73 Gb Available in Paging File | 49,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 141,65 Gb Free Space | 49,70% Space Free | Partition Type: NTFS
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2507537638-1687071285-4268118958-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [BIPA FotoShop] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [BIPA FotoShop] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\BIPA\BIPA FotoShop\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD790EF-2DDC-4068-AC03-B3A3B9292EAC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13991415-1E33-40B5-A5A3-7E3F8F45AB00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D5390CA-20ED-4481-BDBD-6CC7BB59AEB3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{286E7B4E-69F1-4BA4-A671-D2538D70B518}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42334138-3E39-4B12-ACE3-EC9AB1FC1E79}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{445B76E0-FCEC-4479-92C5-9E4083C9EFED}" = lport=139 | protocol=6 | dir=in | app=system |
"{48EB0A2C-765A-4472-AC9B-626340148FEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5990584A-4395-4BE5-8A18-F046BAD6D57B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5FB56791-F147-4717-A6A3-64CDF0AA41CC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{614E6890-8161-4697-A5C8-72DCD79770B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7839B887-F2ED-4170-972B-9537A0A04DEB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7CDFA63A-B015-4DFB-A2B4-043589FA95BE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7E29DACC-CC86-4F1A-B089-750AB137B126}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8BC1815D-AA6E-4CFD-B894-9A72D0D6B054}" = rport=138 | protocol=17 | dir=out | app=system |
"{8BFD48F1-E7BF-49C7-8B63-A4FF12644EAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9C421926-B551-410B-A5D4-B15178460F03}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9FAD934C-BB33-45C3-BE11-EB8A432FC26E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A15C63C0-845A-417E-865E-84C8CB152C5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABF7A424-72B7-449F-A93D-289FFC3EDA4B}" = rport=445 | protocol=6 | dir=out | app=system |
"{B2F4F3AE-9456-4E5B-BFD6-4A06FDFA17D6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B30504D5-951F-4E2F-B013-392DBC289705}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B90AC9D3-06B5-44B1-BCCE-6640D9028536}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B97B6158-A03C-4ED6-9C73-20646C26C5F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1D40700-D840-474C-8A3A-5E9A94CE3027}" = rport=2869 | protocol=6 | dir=out | app=system |
"{CA298E24-1CC4-4FC0-BD48-9CB133E7D796}" = rport=137 | protocol=17 | dir=out | app=system |
"{CAC23833-9F85-4620-B132-1DB02167ED04}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D3426097-24B2-42DA-A89F-765E97FF5EEA}" = lport=137 | protocol=17 | dir=in | app=system |
"{D6CF4958-B84C-439F-A57C-1868FD8F01B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{E3F546AC-BC10-476C-AB24-44617BC346BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF4413C1-8411-4932-B4B0-7F83FAA3A270}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F01740A7-A0DC-40F8-95BF-7A20C2EB4EAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F46660AD-A8E4-4F87-B195-2F52E304C2EB}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD4AEC0A-876D-4475-9ACE-3BBA7A7D31AA}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009DF56D-4A16-4009-A7F5-331783310AF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{065D519E-E63A-4625-8454-A55E00270EC3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{11F06A87-94D9-4926-9EDB-3C53FDD45D4D}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{191875FD-78C0-461D-9DFD-F1CA302C8444}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{26FAE724-938A-47BF-9A7A-C7C4AEC4AD9B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D11F0DA-0799-4286-9CC3-E710012C496A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{37E51E10-1C32-4CA6-83D3-A43B6858BF44}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3A449249-DAB7-4E01-8410-862EA7B5A910}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CEADE94-D37C-4F06-9E4B-76C681B39E0E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{43414E30-04A0-4EF9-87F8-B0A8EA8DFC43}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{443D0454-4C13-4E82-B3E4-CDAA23DF4267}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{5AE1440B-642E-43FD-B3B3-7C4A59710E96}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E39E178-4878-4EF8-A4E5-9F48D7308F9D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6F6B843D-885C-47C5-94E5-83C1048842AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7341E768-2C4E-483B-90FC-007F85CE760F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{771D838B-C5B8-4AC9-9308-CDB09666E372}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7805A050-5A01-4018-99FD-022A15170AF3}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{7D0C6669-F3C7-4333-AD1C-889945B795E3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{811C12C6-0229-40EF-AF9F-7E03ABDFE630}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{84C02EEA-8489-49AA-B57A-1B2950903A90}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{8AF9C39E-B7D9-4383-A81F-C25D99FA37B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{91B5B626-B8B3-4500-86EE-0FE89C290999}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{9454C8F3-8CB4-490F-A872-783D848E39E8}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{974DD789-2D8E-4C5A-9132-A4AA546870AC}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{9ABA65E3-1CD8-483B-B733-0353DB01CD8C}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{A1A2095E-90FC-4669-914C-A0BFF3E16FC0}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{A55F68C2-A5E2-445F-8602-966319D3C3F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A7C06B0A-A9EB-4F2C-AC64-01E79925702F}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AC7263DA-EEEE-4583-BF96-E9537F0D4455}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AE97F96F-F285-4421-B9DF-D35970099D46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B88B30D9-5622-44C2-87DA-BF0108829385}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{BDC82E16-883B-4289-83A0-42C9E827AF43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1899478-9A7A-48F3-927F-11BF73E64786}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{C5152F18-E1A9-4A14-97E2-28B5E27BC92B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5DC4301-1A7F-495E-AF2D-1AC40B292ACC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C65AD487-126D-4074-8FFD-104CE188E15F}" = protocol=6 | dir=out | app=system |
"{C7E6ED46-5915-41B7-ACE6-B43A1779E474}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4D3A775-FA87-45CF-90AE-4F76756D1359}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D509669D-22E5-4D4A-A3E6-EC323C91006F}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{D72C4812-8024-4BCF-9326-1AE6F21F6399}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D894C31E-960C-44CC-AC65-8C911F8FC048}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{DEDB0D45-07D0-4993-8CD9-FE285771384F}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{DF2474EE-3D23-452E-9CAA-CE962FEBD2C1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E008DA0A-0622-49AA-A2AE-89FF857555A6}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{E257E36E-83FD-4264-856D-93F3C391E48C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E625D6F4-A76A-4644-98D5-15EE1E7DB4C8}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{EEB4D396-481C-4C8D-B69D-F052F2E3E630}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F2C24AB8-222A-4FE3-81AB-E965EB168206}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{F333DE8B-235C-4899-8EC8-4C02DC11F701}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F591841E-CE22-4638-B364-C2E3CD456490}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{F9F70380-27A1-4BC8-8890-BB75BE7DFCFB}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{FD4AA467-89E2-4A65-9EC9-9729AF99485A}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"TCP Query User{6FAF0D24-BA67-4014-85B0-0DD3C535191B}C:\program files (x86)\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"TCP Query User{AC6BF546-4407-473B-91CD-A13A22D6F7C1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B1F21404-5D2B-4A12-BC76-935AF6F14B3A}C:\program files (x86)\serviio\bin\serviioconsole.exe" = protocol=6 | dir=in | app=c:\program files (x86)\serviio\bin\serviioconsole.exe |
"TCP Query User{EB838B2C-1EE8-41F6-BB84-F50676A5CB63}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F0F4C76D-FFDD-4915-B383-4455F96FBBBF}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{0575CC21-726B-4213-9C76-648DCAD68FB0}C:\program files (x86)\serviio\bin\serviioconsole.exe" = protocol=17 | dir=in | app=c:\program files (x86)\serviio\bin\serviioconsole.exe |
"UDP Query User{2F96A84A-E628-42EC-BC27-AE86138173A6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{5F9233A3-8B4C-45B5-9183-9AE1F8F30C10}C:\program files (x86)\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"UDP Query User{718E8EB5-8FCB-4D8A-890B-AD1AF6055B65}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{AEF6B77B-82ED-4E3F-B587-2EAEA1E7992D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBAB883-0BEE-4744-8062-281B213ADC1E}" = Bluesoleil 5.4.277.0
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C43709D-713C-46C3-97CC-5B31F09ACA5E}_is1" = Deutschland Patente PDF Downloader Trial 1.5
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4767A89A-F6A5-41B1-903C-734483739882}" = Breitband-Internet-Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{7BE7D8A6-8DBC-4171-A4B6-C082A451A906}" = Audials
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = CANYON USB PC CAMERA
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B2920232-19DA-44FC-835F-68E427EAE2CE}" = Telescope Driver
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.192.810
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"aonUpdate" = aonUpdate
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BIPA FotoShop" = BIPA FotoShop
"Breitband-Internet-Installation" = Breitband-Internet-Installation
"Canon MP640 series Benutzerregistrierung" = Canon MP640 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CDex" = CDex extraction audio
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"eBay Icon" = eBay Icon
"FormatFactory" = FormatFactory 2.20
"Guitar Explorer 1.0" = Guitar Explorer 1.0
"Guitar Explorer 1.1" = Guitar Explorer 1.1
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Nikon FotoShare" = Nikon FotoShare
"Nokia Suite" = Nokia Suite
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Picasa 3" = Picasa 3
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.11.2012 14:40:26 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 23.11.2012 14:47:04 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 23.11.2012 14:47:41 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 23.11.2012 14:47:56 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 23.11.2012 14:50:25 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 23.11.2012 14:56:16 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 24.11.2012 18:35:31 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 24.11.2012 19:34:29 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe".
Fehler in Manifest- oder Richtliniendatei "C:\Users\Silvia\Desktop\Avira-DE-Cleaner-starten.exe"
in Zeile 0. Ungültige XML-Syntax.
Error - 28.11.2012 13:14:13 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 28.11.2012 13:17:45 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
[ Media Center Events ]
Error - 20.02.2011 06:16:54 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 11:16:54 - Fehler beim Herstellen der Internetverbindung. 11:16:54
- Serververbindung konnte nicht hergestellt werden..
Error - 20.02.2011 06:17:07 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 11:17:00 - Fehler beim Herstellen der Internetverbindung. 11:17:00
- Serververbindung konnte nicht hergestellt werden..
Error - 24.02.2011 09:39:18 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 14:39:18 - Fehler beim Herstellen der Internetverbindung. 14:39:18
- Serververbindung konnte nicht hergestellt werden..
Error - 24.02.2011 09:39:32 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 14:39:24 - Fehler beim Herstellen der Internetverbindung. 14:39:24
- Serververbindung konnte nicht hergestellt werden..
Error - 05.03.2011 03:31:55 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 08:31:55 - Fehler beim Herstellen der Internetverbindung. 08:31:55
- Serververbindung konnte nicht hergestellt werden..
Error - 05.03.2011 03:32:08 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 08:32:00 - Fehler beim Herstellen der Internetverbindung. 08:32:00
- Serververbindung konnte nicht hergestellt werden..
Error - 14.03.2011 02:37:25 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 07:37:25 - Fehler beim Herstellen der Internetverbindung. 07:37:25
- Serververbindung konnte nicht hergestellt werden..
Error - 14.03.2011 02:37:35 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 07:37:31 - Fehler beim Herstellen der Internetverbindung. 07:37:31
- Serververbindung konnte nicht hergestellt werden..
Error - 29.03.2011 04:03:27 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 10:03:27 - Fehler beim Herstellen der Internetverbindung. 10:03:27
- Serververbindung konnte nicht hergestellt werden..
Error - 29.03.2011 04:03:38 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 10:03:32 - Fehler beim Herstellen der Internetverbindung. 10:03:32
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 15.12.2012 10:51:05 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description =
Error - 15.12.2012 14:49:37 | Computer Name = Christian-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 16.12.2012 02:47:43 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description =
Error - 16.12.2012 11:17:23 | Computer Name = Christian-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 17.12.2012 02:47:14 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description =
Error - 17.12.2012 12:33:28 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 19.12.2012 03:32:48 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 20.12.2012 03:41:32 | Computer Name = Christian-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?12.?2012 um 23:26:26 unerwartet heruntergefahren.
Error - 20.12.2012 03:49:08 | Computer Name = Christian-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?12.?2012 um 08:47:26 unerwartet heruntergefahren.
Error - 20.12.2012 12:03:36 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
< End of report >
|
|
21.12.2012, 17:09
| #5 |
| /// Malware-holic | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.12.2012, 22:12
| #6 |
| | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hallo, hier das Log File. Danke 7hofer 22:09:00.0615 4976 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 22:09:00.0871 4976 ============================================================ 22:09:00.0871 4976 Current date / time: 2012/12/21 22:09:00.0871 22:09:00.0871 4976 SystemInfo: 22:09:00.0871 4976 22:09:00.0871 4976 OS Version: 6.1.7601 ServicePack: 1.0 22:09:00.0871 4976 Product type: Workstation 22:09:00.0871 4976 ComputerName: CHRISTIAN-PC 22:09:00.0872 4976 UserName: Christian 22:09:00.0872 4976 Windows directory: C:\Windows 22:09:00.0872 4976 System windows directory: C:\Windows 22:09:00.0872 4976 Running under WOW64 22:09:00.0872 4976 Processor architecture: Intel x64 22:09:00.0872 4976 Number of processors: 4 22:09:00.0872 4976 Page size: 0x1000 22:09:00.0872 4976 Boot type: Normal boot 22:09:00.0872 4976 ============================================================ 22:09:01.0993 4976 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:09:02.0009 4976 ============================================================ 22:09:02.0009 4976 \Device\Harddisk0\DR0: 22:09:02.0009 4976 MBR partitions: 22:09:02.0009 4976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000 22:09:02.0009 4976 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800 22:09:02.0009 4976 ============================================================ 22:09:02.0141 4976 C: <-> \Device\Harddisk0\DR0\Partition2 22:09:02.0196 4976 ============================================================ 22:09:02.0196 4976 Initialize success 22:09:02.0196 4976 ============================================================ 22:09:45.0942 4584 ============================================================ 22:09:45.0942 4584 Scan started 22:09:45.0942 4584 Mode: Manual; SigCheck; TDLFS; 22:09:45.0942 4584 ============================================================ 22:09:46.0546 4584 ================ Scan system memory ======================== 22:09:46.0546 4584 System memory - ok 22:09:46.0547 4584 ================ Scan services ============================= 22:09:46.0873 4584 [ 6C5461EEB3FFA1B1DCF9A07F8C3B3AFE ] 10158241 C:\Windows\system32\DRIVERS\10158241.sys 22:09:47.0248 4584 10158241 - ok 22:09:47.0288 4584 [ 3EC7DFDA521B4FB22CE9F76DF15DB099 ] 10158242 C:\Windows\system32\DRIVERS\10158242.sys 22:09:47.0319 4584 10158242 - ok 22:09:47.0382 4584 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 22:09:47.0506 4584 1394ohci - ok 22:09:47.0598 4584 [ 6C5461EEB3FFA1B1DCF9A07F8C3B3AFE ] 41502501 C:\Windows\system32\DRIVERS\41502501.sys 22:09:47.0624 4584 41502501 - ok 22:09:47.0682 4584 [ 3EC7DFDA521B4FB22CE9F76DF15DB099 ] 41502502 C:\Windows\system32\DRIVERS\41502502.sys 22:09:47.0698 4584 41502502 - ok 22:09:47.0778 4584 [ 6C5461EEB3FFA1B1DCF9A07F8C3B3AFE ] 48158581 C:\Windows\system32\DRIVERS\48158581.sys 22:09:47.0800 4584 48158581 - ok 22:09:47.0805 4584 [ 3EC7DFDA521B4FB22CE9F76DF15DB099 ] 48158582 C:\Windows\system32\DRIVERS\48158582.sys 22:09:47.0820 4584 48158582 - ok 22:09:47.0913 4584 [ 6C5461EEB3FFA1B1DCF9A07F8C3B3AFE ] 67230211 C:\Windows\system32\DRIVERS\67230211.sys 22:09:47.0944 4584 67230211 - ok 22:09:47.0993 4584 [ 3EC7DFDA521B4FB22CE9F76DF15DB099 ] 67230212 C:\Windows\system32\DRIVERS\67230212.sys 22:09:48.0018 4584 67230212 - ok 22:09:48.0113 4584 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 22:09:48.0157 4584 ACPI - ok 22:09:48.0248 4584 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 22:09:48.0330 4584 AcpiPmi - ok 22:09:48.0418 4584 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 22:09:48.0447 4584 AdobeARMservice - ok 22:09:48.0575 4584 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 22:09:48.0611 4584 AdobeFlashPlayerUpdateSvc - ok 22:09:48.0670 4584 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 22:09:48.0703 4584 adp94xx - ok 22:09:48.0711 4584 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 22:09:48.0733 4584 adpahci - ok 22:09:48.0762 4584 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 22:09:48.0780 4584 adpu320 - ok 22:09:48.0825 4584 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:09:49.0041 4584 AeLookupSvc - ok 22:09:49.0150 4584 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 22:09:49.0244 4584 AFD - ok 22:09:49.0286 4584 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 22:09:49.0304 4584 agp440 - ok 22:09:49.0324 4584 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 22:09:49.0390 4584 ALG - ok 22:09:49.0405 4584 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 22:09:49.0423 4584 aliide - ok 22:09:49.0442 4584 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 22:09:49.0458 4584 amdide - ok 22:09:49.0476 4584 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 22:09:49.0525 4584 AmdK8 - ok 22:09:49.0559 4584 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 22:09:49.0597 4584 AmdPPM - ok 22:09:49.0659 4584 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 22:09:49.0693 4584 amdsata - ok 22:09:49.0719 4584 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 22:09:49.0741 4584 amdsbs - ok 22:09:49.0765 4584 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 22:09:49.0781 4584 amdxata - ok 22:09:49.0868 4584 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 22:09:49.0899 4584 AntiVirSchedulerService - ok 22:09:49.0930 4584 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 22:09:49.0947 4584 AntiVirService - ok 22:09:49.0996 4584 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 22:09:50.0202 4584 AppID - ok 22:09:50.0236 4584 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 22:09:50.0298 4584 AppIDSvc - ok 22:09:50.0340 4584 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 22:09:50.0398 4584 Appinfo - ok 22:09:50.0404 4584 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 22:09:50.0421 4584 arc - ok 22:09:50.0442 4584 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 22:09:50.0460 4584 arcsas - ok 22:09:50.0476 4584 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 22:09:50.0543 4584 AsyncMac - ok 22:09:50.0581 4584 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 22:09:50.0598 4584 atapi - ok 22:09:50.0625 4584 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:09:50.0696 4584 AudioEndpointBuilder - ok 22:09:50.0707 4584 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 22:09:50.0759 4584 AudioSrv - ok 22:09:50.0787 4584 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 22:09:50.0804 4584 avgntflt - ok 22:09:50.0836 4584 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 22:09:50.0852 4584 avipbb - ok 22:09:50.0871 4584 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 22:09:50.0888 4584 avkmgr - ok 22:09:50.0927 4584 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 22:09:51.0022 4584 AxInstSV - ok 22:09:51.0048 4584 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 22:09:51.0121 4584 b06bdrv - ok 22:09:51.0148 4584 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 22:09:51.0174 4584 b57nd60a - ok 22:09:51.0312 4584 [ 2D659B569A76CDB83B815675A80D7096 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 22:09:51.0479 4584 BCM43XX - ok 22:09:51.0500 4584 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 22:09:51.0533 4584 BDESVC - ok 22:09:51.0559 4584 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 22:09:51.0621 4584 Beep - ok 22:09:51.0673 4584 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 22:09:51.0768 4584 BFE - ok 22:09:51.0841 4584 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 22:09:51.0927 4584 BITS - ok 22:09:51.0960 4584 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 22:09:51.0981 4584 blbdrive - ok 22:09:52.0026 4584 [ 8BC053CD1F5F11F79C80BE85BC289258 ] BlueletAudio C:\Windows\system32\DRIVERS\blueletaudio.sys 22:09:52.0058 4584 BlueletAudio - ok 22:09:52.0146 4584 [ 941E435E5A903CC60E50E72037FA39D0 ] BlueSoleilCS C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe 22:09:52.0212 4584 BlueSoleilCS ( UnsignedFile.Multi.Generic ) - warning 22:09:52.0212 4584 BlueSoleilCS - detected UnsignedFile.Multi.Generic (1) 22:09:52.0262 4584 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:09:52.0337 4584 bowser - ok 22:09:52.0360 4584 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:09:52.0430 4584 BrFiltLo - ok 22:09:52.0462 4584 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:09:52.0505 4584 BrFiltUp - ok 22:09:52.0543 4584 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 22:09:52.0600 4584 Browser - ok 22:09:52.0626 4584 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 22:09:52.0668 4584 Brserid - ok 22:09:52.0682 4584 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 22:09:52.0713 4584 BrSerWdm - ok 22:09:52.0735 4584 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 22:09:52.0766 4584 BrUsbMdm - ok 22:09:52.0788 4584 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 22:09:52.0820 4584 BrUsbSer - ok 22:09:52.0846 4584 [ 403E99F6DDB6CE624E0F81A554AFF178 ] BsHelpCS C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe 22:09:52.0876 4584 BsHelpCS ( UnsignedFile.Multi.Generic ) - warning 22:09:52.0876 4584 BsHelpCS - detected UnsignedFile.Multi.Generic (1) 22:09:52.0912 4584 [ EA05E37130B94670E8AA3379EAFAE22E ] BT C:\Windows\system32\DRIVERS\btnetdrv.sys 22:09:52.0926 4584 BT - ok 22:09:52.0948 4584 [ 8BFBA6EBB2654DEF3EBD4D882BAB8EE6 ] Btcsrusb C:\Windows\system32\Drivers\btcusb.sys 22:09:52.0961 4584 Btcsrusb - ok 22:09:53.0043 4584 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 22:09:53.0137 4584 BthEnum - ok 22:09:53.0205 4584 [ 81229822FACAA324718B3B3C973688ED ] BtHidBus C:\Windows\system32\Drivers\BtHidBus.sys 22:09:53.0228 4584 BtHidBus - ok 22:09:53.0243 4584 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 22:09:53.0289 4584 BTHMODEM - ok 22:09:53.0318 4584 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 22:09:53.0372 4584 BthPan - ok 22:09:53.0417 4584 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 22:09:53.0509 4584 BTHPORT - ok 22:09:53.0540 4584 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 22:09:53.0626 4584 bthserv - ok 22:09:53.0674 4584 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 22:09:53.0751 4584 BTHUSB - ok 22:09:53.0808 4584 [ 2531372CC2AD7C7204A7520DC7C2D0DA ] btnetBUs C:\Windows\system32\Drivers\btnetBus.sys 22:09:53.0827 4584 btnetBUs - ok 22:09:53.0859 4584 [ 72CC5DCC4E67E7927F94801166CFDCDA ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys 22:09:53.0886 4584 BTWAMPFL - ok 22:09:53.0905 4584 [ F6135859A582A7294BA7A3336E08BAA1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 22:09:53.0930 4584 btwaudio - ok 22:09:53.0950 4584 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys 22:09:53.0969 4584 btwavdt - ok 22:09:54.0060 4584 [ 37FEE2BC1D213DE99CE7F8BB247A9229 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 22:09:54.0129 4584 btwdins - ok 22:09:54.0142 4584 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 22:09:54.0157 4584 btwl2cap - ok 22:09:54.0166 4584 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 22:09:54.0181 4584 btwrchid - ok 22:09:54.0225 4584 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:09:54.0321 4584 cdfs - ok 22:09:54.0368 4584 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 22:09:54.0420 4584 cdrom - ok 22:09:54.0467 4584 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 22:09:54.0538 4584 CertPropSvc - ok 22:09:54.0572 4584 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 22:09:54.0657 4584 circlass - ok 22:09:54.0694 4584 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 22:09:54.0720 4584 CLFS - ok 22:09:54.0798 4584 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:09:54.0834 4584 clr_optimization_v2.0.50727_32 - ok 22:09:54.0888 4584 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:09:54.0907 4584 clr_optimization_v2.0.50727_64 - ok 22:09:55.0002 4584 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:09:55.0033 4584 clr_optimization_v4.0.30319_32 - ok 22:09:55.0067 4584 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:09:55.0085 4584 clr_optimization_v4.0.30319_64 - ok 22:09:55.0111 4584 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 22:09:55.0154 4584 CmBatt - ok 22:09:55.0201 4584 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:09:55.0220 4584 cmdide - ok 22:09:55.0296 4584 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 22:09:55.0353 4584 CNG - ok 22:09:55.0366 4584 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 22:09:55.0383 4584 Compbatt - ok 22:09:55.0426 4584 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 22:09:55.0481 4584 CompositeBus - ok 22:09:55.0486 4584 COMSysApp - ok 22:09:55.0519 4584 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 22:09:55.0534 4584 crcdisk - ok 22:09:55.0572 4584 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:09:55.0622 4584 CryptSvc - ok 22:09:55.0738 4584 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 22:09:55.0793 4584 cvhsvc - ok 22:09:55.0856 4584 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:09:55.0975 4584 DcomLaunch - ok 22:09:56.0003 4584 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 22:09:56.0068 4584 defragsvc - ok 22:09:56.0128 4584 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:09:56.0181 4584 DfsC - ok 22:09:56.0198 4584 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 22:09:56.0241 4584 Dhcp - ok 22:09:56.0270 4584 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 22:09:56.0334 4584 discache - ok 22:09:56.0362 4584 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 22:09:56.0380 4584 Disk - ok 22:09:56.0418 4584 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:09:56.0498 4584 Dnscache - ok 22:09:56.0551 4584 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 22:09:56.0603 4584 dot3svc - ok 22:09:56.0652 4584 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 22:09:56.0757 4584 DPS - ok 22:09:56.0779 4584 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:09:56.0817 4584 drmkaud - ok 22:09:56.0913 4584 [ 9CF46FDF163E06B83D03FF929EF2296C ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe 22:09:56.0940 4584 DsiWMIService - ok 22:09:57.0004 4584 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:09:57.0064 4584 DXGKrnl - ok 22:09:57.0087 4584 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 22:09:57.0148 4584 EapHost - ok 22:09:57.0247 4584 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 22:09:57.0421 4584 ebdrv - ok 22:09:57.0475 4584 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 22:09:57.0552 4584 EFS - ok 22:09:57.0640 4584 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:09:57.0701 4584 ehRecvr - ok 22:09:57.0727 4584 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 22:09:57.0781 4584 ehSched - ok 22:09:57.0809 4584 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 22:09:57.0836 4584 elxstor - ok 22:09:57.0895 4584 [ 78D6694F98009400BCACCB5342848A67 ] emAudio C:\Windows\system32\drivers\emAudio64.sys 22:09:57.0921 4584 emAudio - ok 22:09:57.0992 4584 [ 3EA2C4F68A782839D97B3C83595575B6 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 22:09:58.0028 4584 ePowerSvc - ok 22:09:58.0043 4584 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:09:58.0072 4584 ErrDev - ok 22:09:58.0165 4584 [ DF96C3CD6AE15F6D0A6BCB70F9C1E88D ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys 22:09:58.0192 4584 esgiguard - ok 22:09:58.0209 4584 [ 3B32CAA07D672F8A2E0DF5CB3A873F45 ] EsgScanner C:\Windows\system32\DRIVERS\EsgScanner.sys 22:09:58.0230 4584 EsgScanner - ok 22:09:58.0289 4584 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 22:09:58.0342 4584 EventSystem - ok 22:09:58.0362 4584 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 22:09:58.0426 4584 exfat - ok 22:09:58.0450 4584 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:09:58.0497 4584 fastfat - ok 22:09:58.0563 4584 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 22:09:58.0660 4584 Fax - ok 22:09:58.0675 4584 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:09:58.0754 4584 fdc - ok 22:09:58.0773 4584 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 22:09:58.0840 4584 fdPHost - ok 22:09:58.0856 4584 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 22:09:58.0918 4584 FDResPub - ok 22:09:58.0943 4584 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:09:58.0961 4584 FileInfo - ok 22:09:58.0971 4584 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:09:59.0041 4584 Filetrace - ok 22:09:59.0062 4584 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:09:59.0091 4584 flpydisk - ok 22:09:59.0113 4584 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:09:59.0135 4584 FltMgr - ok 22:09:59.0197 4584 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 22:09:59.0290 4584 FontCache - ok 22:09:59.0359 4584 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:09:59.0390 4584 FontCache3.0.0.0 - ok 22:09:59.0415 4584 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:09:59.0435 4584 FsDepends - ok 22:09:59.0493 4584 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:09:59.0528 4584 Fs_Rec - ok 22:09:59.0568 4584 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:09:59.0595 4584 fvevol - ok 22:09:59.0614 4584 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 22:09:59.0632 4584 gagp30kx - ok 22:09:59.0696 4584 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 22:09:59.0795 4584 gpsvc - ok 22:09:59.0836 4584 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 22:09:59.0853 4584 GREGService - ok 22:09:59.0975 4584 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:10:00.0002 4584 gupdate - ok 22:10:00.0030 4584 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:10:00.0045 4584 gupdatem - ok 22:10:00.0112 4584 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 22:10:00.0142 4584 gusvc - ok 22:10:00.0165 4584 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:10:00.0213 4584 hcw85cir - ok 22:10:00.0271 4584 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:10:00.0324 4584 HdAudAddService - ok 22:10:00.0340 4584 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 22:10:00.0434 4584 HDAudBus - ok 22:10:00.0461 4584 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 22:10:00.0480 4584 HECIx64 - ok 22:10:00.0501 4584 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 22:10:00.0532 4584 HidBatt - ok 22:10:00.0549 4584 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 22:10:00.0580 4584 HidBth - ok 22:10:00.0607 4584 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 22:10:00.0640 4584 HidIr - ok 22:10:00.0672 4584 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 22:10:00.0733 4584 hidserv - ok 22:10:00.0773 4584 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 22:10:00.0792 4584 HidUsb - ok 22:10:00.0832 4584 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:10:00.0923 4584 hkmsvc - ok 22:10:00.0973 4584 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:10:01.0040 4584 HomeGroupListener - ok 22:10:01.0057 4584 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:10:01.0103 4584 HomeGroupProvider - ok 22:10:01.0127 4584 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:10:01.0146 4584 HpSAMD - ok 22:10:01.0178 4584 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:10:01.0295 4584 HTTP - ok 22:10:01.0360 4584 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:10:01.0392 4584 hwpolicy - ok 22:10:01.0411 4584 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 22:10:01.0433 4584 i8042prt - ok 22:10:01.0473 4584 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 22:10:01.0498 4584 iaStor - ok 22:10:01.0568 4584 [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 22:10:01.0598 4584 IAStorDataMgrSvc - ok 22:10:01.0657 4584 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:10:01.0697 4584 iaStorV - ok 22:10:01.0774 4584 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:10:01.0843 4584 idsvc - ok 22:10:02.0104 4584 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 22:10:02.0410 4584 igfx - ok 22:10:02.0465 4584 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 22:10:02.0503 4584 iirsp - ok 22:10:02.0540 4584 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 22:10:02.0633 4584 IKEEXT - ok 22:10:02.0669 4584 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 22:10:02.0726 4584 Impcd - ok 22:10:02.0820 4584 [ 235362D403D9D677514649D88DB31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 22:10:02.0906 4584 IntcAzAudAddService - ok 22:10:02.0915 4584 [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 22:10:02.0965 4584 IntcDAud - ok 22:10:02.0989 4584 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 22:10:03.0008 4584 intelide - ok 22:10:03.0037 4584 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:10:03.0077 4584 intelppm - ok 22:10:03.0125 4584 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:10:03.0190 4584 IPBusEnum - ok 22:10:03.0250 4584 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:10:03.0297 4584 IpFilterDriver - ok 22:10:03.0356 4584 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:10:03.0421 4584 iphlpsvc - ok 22:10:03.0464 4584 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:10:03.0496 4584 IPMIDRV - ok 22:10:03.0524 4584 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:10:03.0590 4584 IPNAT - ok 22:10:03.0617 4584 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:10:03.0677 4584 IRENUM - ok 22:10:03.0697 4584 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:10:03.0718 4584 isapnp - ok 22:10:03.0760 4584 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:10:03.0785 4584 iScsiPrt - ok 22:10:03.0810 4584 [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe 22:10:03.0825 4584 IviRegMgr - ok 22:10:03.0886 4584 [ 70EBDA3ED637B0212450C5542EDD11A7 ] IvtBtBUs C:\Windows\system32\Drivers\IvtBtBus.sys 22:10:03.0904 4584 IvtBtBUs - ok 22:10:03.0943 4584 [ 37E053A2CF8F0082B689ED74106E0CEC ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 22:10:03.0966 4584 k57nd60a - ok 22:10:03.0977 4584 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 22:10:03.0996 4584 kbdclass - ok 22:10:04.0056 4584 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 22:10:04.0111 4584 kbdhid - ok 22:10:04.0131 4584 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 22:10:04.0147 4584 KeyIso - ok 22:10:04.0191 4584 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:10:04.0208 4584 KSecDD - ok 22:10:04.0248 4584 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:10:04.0270 4584 KSecPkg - ok 22:10:04.0290 4584 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:10:04.0350 4584 ksthunk - ok 22:10:04.0387 4584 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 22:10:04.0484 4584 KtmRm - ok 22:10:04.0530 4584 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 22:10:04.0606 4584 LanmanServer - ok 22:10:04.0654 4584 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:10:04.0703 4584 LanmanWorkstation - ok 22:10:04.0720 4584 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:10:04.0784 4584 lltdio - ok 22:10:04.0836 4584 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:10:04.0903 4584 lltdsvc - ok 22:10:04.0912 4584 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:10:04.0974 4584 lmhosts - ok 22:10:05.0036 4584 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 22:10:05.0057 4584 LMS - ok 22:10:05.0082 4584 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 22:10:05.0101 4584 LSI_FC - ok 22:10:05.0117 4584 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 22:10:05.0135 4584 LSI_SAS - ok 22:10:05.0153 4584 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:10:05.0175 4584 LSI_SAS2 - ok 22:10:05.0189 4584 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:10:05.0208 4584 LSI_SCSI - ok 22:10:05.0233 4584 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 22:10:05.0302 4584 luafv - ok 22:10:05.0378 4584 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 22:10:05.0393 4584 MBAMProtector - ok 22:10:05.0610 4584 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 22:10:05.0638 4584 MBAMScheduler - ok 22:10:05.0682 4584 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 22:10:05.0715 4584 MBAMService - ok 22:10:05.0847 4584 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe 22:10:05.0873 4584 McComponentHostService - ok 22:10:05.0919 4584 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:10:05.0964 4584 Mcx2Svc - ok 22:10:05.0998 4584 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 22:10:06.0016 4584 megasas - ok 22:10:06.0060 4584 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 22:10:06.0087 4584 MegaSR - ok 22:10:06.0149 4584 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 22:10:06.0213 4584 MMCSS - ok 22:10:06.0243 4584 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:10:06.0324 4584 Modem - ok 22:10:06.0386 4584 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:10:06.0481 4584 monitor - ok 22:10:06.0524 4584 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 22:10:06.0540 4584 mouclass - ok 22:10:06.0557 4584 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:10:06.0594 4584 mouhid - ok 22:10:06.0642 4584 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:10:06.0659 4584 mountmgr - ok 22:10:06.0752 4584 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:10:06.0786 4584 MozillaMaintenance - ok 22:10:06.0843 4584 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:10:06.0871 4584 mpio - ok 22:10:06.0884 4584 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:10:06.0939 4584 mpsdrv - ok 22:10:07.0048 4584 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:10:07.0108 4584 MpsSvc - ok 22:10:07.0157 4584 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:10:07.0189 4584 MRxDAV - ok 22:10:07.0271 4584 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:10:07.0306 4584 mrxsmb - ok 22:10:07.0379 4584 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:10:07.0414 4584 mrxsmb10 - ok 22:10:07.0460 4584 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:10:07.0509 4584 mrxsmb20 - ok 22:10:07.0573 4584 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 22:10:07.0590 4584 msahci - ok 22:10:07.0678 4584 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:10:07.0712 4584 msdsm - ok 22:10:07.0773 4584 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 22:10:07.0797 4584 MSDTC - ok 22:10:07.0835 4584 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:10:07.0896 4584 Msfs - ok 22:10:07.0933 4584 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:10:07.0988 4584 mshidkmdf - ok 22:10:08.0031 4584 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:10:08.0049 4584 msisadrv - ok 22:10:08.0152 4584 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:10:08.0241 4584 MSiSCSI - ok 22:10:08.0247 4584 msiserver - ok 22:10:08.0312 4584 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:10:08.0389 4584 MSKSSRV - ok 22:10:08.0473 4584 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:10:08.0522 4584 MSPCLOCK - ok 22:10:08.0590 4584 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:10:08.0731 4584 MSPQM - ok 22:10:08.0835 4584 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:10:08.0878 4584 MsRPC - ok 22:10:08.0980 4584 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:10:08.0999 4584 mssmbios - ok 22:10:09.0080 4584 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:10:09.0184 4584 MSTEE - ok 22:10:09.0213 4584 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 22:10:09.0291 4584 MTConfig - ok 22:10:09.0442 4584 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 22:10:09.0460 4584 Mup - ok 22:10:09.0545 4584 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 22:10:09.0629 4584 napagent - ok 22:10:09.0666 4584 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:10:09.0812 4584 NativeWifiP - ok 22:10:09.0949 4584 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:10:09.0991 4584 NDIS - ok 22:10:10.0024 4584 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:10:10.0079 4584 NdisCap - ok 22:10:10.0116 4584 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:10:10.0208 4584 NdisTapi - ok 22:10:10.0261 4584 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:10:10.0334 4584 Ndisuio - ok 22:10:10.0407 4584 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:10:10.0482 4584 NdisWan - ok 22:10:10.0548 4584 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:10:10.0638 4584 NDProxy - ok 22:10:10.0668 4584 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:10:10.0729 4584 NetBIOS - ok 22:10:10.0805 4584 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:10:10.0898 4584 NetBT - ok 22:10:10.0930 4584 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 22:10:10.0959 4584 Netlogon - ok 22:10:11.0030 4584 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 22:10:11.0109 4584 Netman - ok 22:10:11.0129 4584 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 22:10:11.0210 4584 netprofm - ok 22:10:11.0244 4584 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:10:11.0263 4584 NetTcpPortSharing - ok 22:10:11.0290 4584 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 22:10:11.0310 4584 nfrd960 - ok 22:10:11.0360 4584 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:10:11.0400 4584 NlaSvc - ok 22:10:11.0472 4584 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe 22:10:11.0519 4584 NMSAccessU - ok 22:10:11.0607 4584 [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys 22:10:11.0681 4584 nmwcd - ok 22:10:11.0702 4584 [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys 22:10:11.0746 4584 nmwcdc - ok 22:10:11.0790 4584 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:10:11.0858 4584 Npfs - ok 22:10:11.0899 4584 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 22:10:11.0973 4584 nsi - ok 22:10:12.0013 4584 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:10:12.0068 4584 nsiproxy - ok 22:10:12.0140 4584 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:10:12.0224 4584 Ntfs - ok 22:10:12.0277 4584 [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 22:10:12.0294 4584 NTI IScheduleSvc - ok 22:10:12.0317 4584 [ 28C59F594044CBF8598B18C927097091 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 22:10:12.0330 4584 NTIBackupSvc - ok 22:10:12.0370 4584 [ 710263B44C1D1AEE07525A53401FBE48 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 22:10:12.0386 4584 NTIDrvr - ok 22:10:12.0411 4584 [ B8D903B2894FF9AFBD99CA51C35590D7 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 22:10:12.0427 4584 NTISchedulerSvc - ok 22:10:12.0447 4584 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 22:10:12.0542 4584 Null - ok 22:10:12.0567 4584 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:10:12.0589 4584 nvraid - ok 22:10:12.0624 4584 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:10:12.0644 4584 nvstor - ok 22:10:12.0673 4584 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:10:12.0696 4584 nv_agp - ok 22:10:12.0734 4584 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:10:12.0785 4584 ohci1394 - ok 22:10:12.0835 4584 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:10:12.0857 4584 ose - ok 22:10:13.0121 4584 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:10:13.0278 4584 osppsvc - ok 22:10:13.0323 4584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:10:13.0380 4584 p2pimsvc - ok 22:10:13.0409 4584 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 22:10:13.0466 4584 p2psvc - ok 22:10:13.0528 4584 [ D61B764B27BF05CCCADCC5E1E7B73A21 ] PAC7302 C:\Windows\system32\DRIVERS\PAC7302.SYS 22:10:13.0575 4584 PAC7302 - ok 22:10:13.0602 4584 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:10:13.0639 4584 Parport - ok 22:10:13.0689 4584 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:10:13.0709 4584 partmgr - ok 22:10:13.0716 4584 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:10:13.0753 4584 PcaSvc - ok 22:10:13.0801 4584 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 22:10:13.0830 4584 pccsmcfd - ok 22:10:13.0849 4584 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 22:10:13.0870 4584 pci - ok 22:10:13.0932 4584 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 22:10:13.0948 4584 pciide - ok 22:10:13.0983 4584 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 22:10:14.0011 4584 pcmcia - ok 22:10:14.0026 4584 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 22:10:14.0053 4584 pcw - ok 22:10:14.0102 4584 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:10:14.0187 4584 PEAUTH - ok 22:10:14.0271 4584 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:10:14.0302 4584 PerfHost - ok 22:10:14.0384 4584 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 22:10:14.0491 4584 pla - ok 22:10:14.0544 4584 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:10:14.0592 4584 PlugPlay - ok 22:10:14.0621 4584 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:10:14.0643 4584 PNRPAutoReg - ok 22:10:14.0656 4584 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:10:14.0677 4584 PNRPsvc - ok 22:10:14.0715 4584 [ B8D8EC78B0F9ED8E220506181274F3D3 ] Point64 C:\Windows\system32\DRIVERS\point64.sys 22:10:14.0729 4584 Point64 - ok 22:10:14.0783 4584 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:10:14.0863 4584 PolicyAgent - ok 22:10:14.0894 4584 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 22:10:14.0965 4584 Power - ok 22:10:15.0014 4584 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:10:15.0098 4584 PptpMiniport - ok 22:10:15.0131 4584 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 22:10:15.0166 4584 Processor - ok 22:10:15.0222 4584 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 22:10:15.0293 4584 ProfSvc - ok 22:10:15.0309 4584 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:10:15.0343 4584 ProtectedStorage - ok 22:10:15.0381 4584 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:10:15.0450 4584 Psched - ok 22:10:15.0553 4584 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 22:10:15.0570 4584 PSI_SVC_2 - ok 22:10:15.0773 4584 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 22:10:15.0846 4584 ql2300 - ok 22:10:15.0870 4584 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:10:15.0895 4584 ql40xx - ok 22:10:15.0937 4584 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 22:10:15.0969 4584 QWAVE - ok 22:10:15.0986 4584 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:10:16.0026 4584 QWAVEdrv - ok 22:10:16.0041 4584 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:10:16.0111 4584 RasAcd - ok 22:10:16.0136 4584 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:10:16.0221 4584 RasAgileVpn - ok 22:10:16.0244 4584 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 22:10:16.0311 4584 RasAuto - ok 22:10:16.0334 4584 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:10:16.0396 4584 Rasl2tp - ok 22:10:16.0454 4584 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 22:10:16.0535 4584 RasMan - ok 22:10:16.0558 4584 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:10:16.0626 4584 RasPppoe - ok 22:10:16.0643 4584 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:10:16.0721 4584 RasSstp - ok 22:10:16.0775 4584 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:10:16.0840 4584 rdbss - ok 22:10:16.0861 4584 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:10:16.0890 4584 rdpbus - ok 22:10:16.0969 4584 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:10:17.0020 4584 RDPCDD - ok 22:10:17.0087 4584 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:10:17.0144 4584 RDPENCDD - ok 22:10:17.0177 4584 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:10:17.0231 4584 RDPREFMP - ok 22:10:17.0348 4584 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:10:17.0398 4584 RDPWD - ok 22:10:17.0409 4584 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:10:17.0430 4584 rdyboost - ok 22:10:17.0473 4584 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:10:17.0533 4584 RemoteAccess - ok 22:10:17.0566 4584 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:10:17.0631 4584 RemoteRegistry - ok 22:10:17.0668 4584 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 22:10:17.0723 4584 RFCOMM - ok 22:10:17.0730 4584 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:10:17.0793 4584 RpcEptMapper - ok 22:10:17.0815 4584 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 22:10:17.0841 4584 RpcLocator - ok 22:10:17.0886 4584 [ 6684437F3628EF237C354F77D33426D1 ] rpcnet C:\Windows\SysWOW64\rpcnet.exe 22:10:17.0904 4584 rpcnet - ok 22:10:17.0977 4584 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 22:10:18.0039 4584 RpcSs - ok 22:10:18.0077 4584 [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCap C:\Windows\system32\DRIVERS\rrnetcap.sys 22:10:18.0114 4584 RRNetCap - ok 22:10:18.0132 4584 [ 2ABD2B3BA2EF0C3BA82284C2A5E28675 ] RRNetCapMP C:\Windows\system32\DRIVERS\rrnetcap.sys 22:10:18.0150 4584 RRNetCapMP - ok 22:10:18.0180 4584 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:10:18.0248 4584 rspndr - ok 22:10:18.0287 4584 [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 22:10:18.0308 4584 RSUSBSTOR - ok 22:10:18.0368 4584 [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe 22:10:18.0388 4584 RS_Service - ok 22:10:18.0397 4584 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 22:10:18.0426 4584 SamSs - ok 22:10:18.0469 4584 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:10:18.0487 4584 sbp2port - ok 22:10:18.0512 4584 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:10:18.0570 4584 SCardSvr - ok 22:10:18.0621 4584 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:10:18.0693 4584 scfilter - ok 22:10:18.0758 4584 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 22:10:18.0835 4584 Schedule - ok 22:10:18.0879 4584 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:10:18.0930 4584 SCPolicySvc - ok 22:10:19.0011 4584 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:10:19.0067 4584 SDRSVC - ok 22:10:19.0118 4584 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:10:19.0179 4584 secdrv - ok 22:10:19.0195 4584 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 22:10:19.0263 4584 seclogon - ok 22:10:19.0279 4584 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 22:10:19.0339 4584 SENS - ok 22:10:19.0348 4584 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:10:19.0411 4584 SensrSvc - ok 22:10:19.0424 4584 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:10:19.0460 4584 Serenum - ok 22:10:19.0482 4584 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:10:19.0514 4584 Serial - ok 22:10:19.0538 4584 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 22:10:19.0568 4584 sermouse - ok 22:10:19.0651 4584 [ 668043F192AB9659761A349A4703600D ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 22:10:19.0690 4584 ServiceLayer - ok 22:10:19.0734 4584 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 22:10:19.0797 4584 SessionEnv - ok 22:10:19.0846 4584 [ 8423DB42808E94847EC4E53EFDA6BEE2 ] setup_9.0.0.722_04.07.2012_12-35drv C:\Windows\system32\DRIVERS\4815858.sys 22:10:19.0869 4584 setup_9.0.0.722_04.07.2012_12-35drv - ok 22:10:19.0912 4584 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:10:19.0953 4584 sffdisk - ok 22:10:19.0970 4584 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:10:20.0000 4584 sffp_mmc - ok 22:10:20.0029 4584 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:10:20.0067 4584 sffp_sd - ok 22:10:20.0089 4584 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:10:20.0108 4584 sfloppy - ok 22:10:20.0154 4584 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 22:10:20.0187 4584 Sftfs - ok 22:10:20.0307 4584 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 22:10:20.0339 4584 sftlist - ok 22:10:20.0362 4584 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 22:10:20.0382 4584 Sftplay - ok 22:10:20.0389 4584 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 22:10:20.0403 4584 Sftredir - ok 22:10:20.0419 4584 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 22:10:20.0433 4584 Sftvol - ok 22:10:20.0450 4584 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 22:10:20.0468 4584 sftvsa - ok 22:10:20.0534 4584 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:10:20.0603 4584 SharedAccess - ok 22:10:20.0657 4584 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:10:20.0724 4584 ShellHWDetection - ok 22:10:20.0745 4584 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:10:20.0764 4584 SiSRaid2 - ok 22:10:20.0804 4584 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 22:10:20.0823 4584 SiSRaid4 - ok 22:10:20.0940 4584 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 22:10:20.0965 4584 SkypeUpdate - ok 22:10:21.0015 4584 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:10:21.0071 4584 Smb - ok 22:10:21.0109 4584 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:10:21.0136 4584 SNMPTRAP - ok 22:10:21.0156 4584 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 22:10:21.0174 4584 spldr - ok 22:10:21.0219 4584 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 22:10:21.0272 4584 Spooler - ok 22:10:21.0370 4584 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 22:10:21.0561 4584 sppsvc - ok 22:10:21.0580 4584 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:10:21.0659 4584 sppuinotify - ok 22:10:21.0780 4584 [ 8978ED1D492B1A430857A43CDD130AED ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE 22:10:21.0826 4584 SpyHunter 4 Service - ok 22:10:21.0888 4584 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 22:10:21.0949 4584 srv - ok 22:10:21.0973 4584 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:10:22.0013 4584 srv2 - ok 22:10:22.0028 4584 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:10:22.0049 4584 srvnet - ok 22:10:22.0106 4584 [ D52282225D5BD73A9CBF420699D1A0FE ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 22:10:22.0136 4584 ssadbus - ok 22:10:22.0180 4584 [ F7936AC6E8437E10E1AE488CE21F3086 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 22:10:22.0219 4584 ssadmdfl - ok 22:10:22.0242 4584 [ 1FE033372A58C67B3ECCA903FC637B36 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 22:10:22.0279 4584 ssadmdm - ok 22:10:22.0302 4584 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:10:22.0372 4584 SSDPSRV - ok 22:10:22.0388 4584 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:10:22.0446 4584 SstpSvc - ok 22:10:22.0466 4584 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 22:10:22.0483 4584 stexstor - ok 22:10:22.0535 4584 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 22:10:22.0574 4584 stisvc - ok 22:10:22.0614 4584 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 22:10:22.0632 4584 swenum - ok 22:10:22.0643 4584 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 22:10:22.0717 4584 swprv - ok 22:10:22.0852 4584 [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 22:10:22.0878 4584 SynTP - ok 22:10:22.0947 4584 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 22:10:23.0037 4584 SysMain - ok 22:10:23.0079 4584 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:10:23.0124 4584 TabletInputService - ok 22:10:23.0250 4584 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:10:23.0340 4584 TapiSrv - ok 22:10:23.0406 4584 [ 4430E9B4C60AAB672D16E801BAD0555E ] tbhsd C:\Windows\system32\drivers\tbhsd.sys 22:10:23.0422 4584 tbhsd - ok 22:10:23.0447 4584 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 22:10:23.0514 4584 TBS - ok 22:10:23.0595 4584 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:10:23.0682 4584 Tcpip - ok 22:10:23.0709 4584 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:10:23.0766 4584 TCPIP6 - ok 22:10:23.0808 4584 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:10:23.0843 4584 tcpipreg - ok 22:10:23.0869 4584 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:10:23.0930 4584 TDPIPE - ok 22:10:23.0970 4584 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:10:23.0999 4584 TDTCP - ok 22:10:24.0044 4584 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:10:24.0114 4584 tdx - ok 22:10:24.0205 4584 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 22:10:24.0223 4584 TermDD - ok 22:10:24.0266 4584 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 22:10:24.0342 4584 TermService - ok 22:10:24.0347 4584 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 22:10:24.0376 4584 Themes - ok 22:10:24.0404 4584 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 22:10:24.0449 4584 THREADORDER - ok 22:10:24.0469 4584 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 22:10:24.0516 4584 TrkWks - ok 22:10:24.0554 4584 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:10:24.0604 4584 TrustedInstaller - ok 22:10:24.0653 4584 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:10:24.0702 4584 tssecsrv - ok 22:10:24.0755 4584 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:10:24.0846 4584 TsUsbFlt - ok 22:10:24.0917 4584 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:10:24.0986 4584 tunnel - ok 22:10:25.0063 4584 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 22:10:25.0099 4584 uagp35 - ok 22:10:25.0139 4584 [ 40079B0B801C5432BA435B5AD61CE6E3 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 22:10:25.0155 4584 UBHelper - ok 22:10:25.0197 4584 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:10:25.0252 4584 udfs - ok 22:10:25.0272 4584 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:10:25.0311 4584 UI0Detect - ok 22:10:25.0338 4584 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:10:25.0356 4584 uliagpkx - ok 22:10:25.0401 4584 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:10:25.0430 4584 umbus - ok 22:10:25.0448 4584 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 22:10:25.0467 4584 UmPass - ok 22:10:25.0572 4584 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 22:10:25.0664 4584 UNS - ok 22:10:25.0736 4584 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 22:10:25.0759 4584 Updater Service - ok 22:10:25.0778 4584 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 22:10:25.0856 4584 upnphost - ok 22:10:25.0931 4584 [ 4E93C8496359E97830C75AC36393654D ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 22:10:25.0993 4584 upperdev - ok 22:10:26.0039 4584 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 22:10:26.0078 4584 usbaudio - ok 22:10:26.0099 4584 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:10:26.0147 4584 usbccgp - ok 22:10:26.0196 4584 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:10:26.0242 4584 usbcir - ok 22:10:26.0284 4584 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 22:10:26.0317 4584 usbehci - ok 22:10:26.0343 4584 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:10:26.0379 4584 usbhub - ok 22:10:26.0400 4584 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 22:10:26.0418 4584 usbohci - ok 22:10:26.0451 4584 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:10:26.0472 4584 usbprint - ok 22:10:26.0527 4584 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys 22:10:26.0603 4584 usbser - ok 22:10:26.0645 4584 [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys 22:10:26.0673 4584 UsbserFilt - ok 22:10:26.0695 4584 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:10:26.0746 4584 USBSTOR - ok 22:10:26.0771 4584 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 22:10:26.0808 4584 usbuhci - ok 22:10:26.0864 4584 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 22:10:26.0910 4584 usbvideo - ok 22:10:26.0965 4584 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 22:10:27.0038 4584 UxSms - ok 22:10:27.0063 4584 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 22:10:27.0093 4584 VaultSvc - ok 22:10:27.0161 4584 [ 389AB97570E7F25192CA18B6348C904F ] VComm C:\Windows\system32\DRIVERS\VComm.sys 22:10:27.0192 4584 VComm - ok 22:10:27.0222 4584 [ 72F11B412446FAAF95B156A6B781502C ] VcommMgr C:\Windows\system32\Drivers\VcommMgr.sys 22:10:27.0238 4584 VcommMgr - ok 22:10:27.0251 4584 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 22:10:27.0268 4584 vdrvroot - ok 22:10:27.0319 4584 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 22:10:27.0375 4584 vds - ok 22:10:27.0389 4584 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:10:27.0409 4584 vga - ok 22:10:27.0422 4584 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 22:10:27.0473 4584 VgaSave - ok 22:10:27.0491 4584 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 22:10:27.0513 4584 vhdmp - ok 22:10:27.0563 4584 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 22:10:27.0580 4584 viaide - ok 22:10:27.0606 4584 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:10:27.0624 4584 volmgr - ok 22:10:27.0676 4584 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:10:27.0718 4584 volmgrx - ok 22:10:27.0743 4584 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:10:27.0770 4584 volsnap - ok 22:10:27.0794 4584 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 22:10:27.0815 4584 vsmraid - ok 22:10:27.0867 4584 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 22:10:27.0983 4584 VSS - ok 22:10:28.0000 4584 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 22:10:28.0031 4584 vwifibus - ok 22:10:28.0053 4584 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 22:10:28.0092 4584 vwififlt - ok 22:10:28.0129 4584 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 22:10:28.0169 4584 vwifimp - ok 22:10:28.0192 4584 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 22:10:28.0249 4584 W32Time - ok 22:10:28.0276 4584 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 22:10:28.0303 4584 WacomPen - ok 22:10:28.0349 4584 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:10:28.0398 4584 WANARP - ok 22:10:28.0404 4584 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:10:28.0449 4584 Wanarpv6 - ok 22:10:28.0538 4584 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 22:10:28.0606 4584 WatAdminSvc - ok 22:10:28.0678 4584 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 22:10:28.0757 4584 wbengine - ok 22:10:28.0805 4584 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:10:28.0840 4584 WbioSrvc - ok 22:10:28.0912 4584 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:10:28.0992 4584 wcncsvc - ok 22:10:29.0038 4584 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:10:29.0065 4584 WcsPlugInService - ok 22:10:29.0125 4584 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 22:10:29.0143 4584 Wd - ok 22:10:29.0223 4584 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:10:29.0259 4584 Wdf01000 - ok 22:10:29.0289 4584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:10:29.0403 4584 WdiServiceHost - ok 22:10:29.0408 4584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:10:29.0436 4584 WdiSystemHost - ok 22:10:29.0462 4584 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 22:10:29.0503 4584 WebClient - ok 22:10:29.0527 4584 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:10:29.0578 4584 Wecsvc - ok 22:10:29.0595 4584 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:10:29.0642 4584 wercplsupport - ok 22:10:29.0656 4584 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 22:10:29.0727 4584 WerSvc - ok 22:10:29.0759 4584 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:10:29.0806 4584 WfpLwf - ok 22:10:29.0835 4584 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:10:29.0851 4584 WIMMount - ok 22:10:29.0875 4584 WinDefend - ok 22:10:29.0881 4584 WinHttpAutoProxySvc - ok 22:10:29.0939 4584 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:10:30.0000 4584 Winmgmt - ok 22:10:30.0076 4584 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 22:10:30.0212 4584 WinRM - ok 22:10:30.0266 4584 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 22:10:30.0290 4584 WinUsb - ok 22:10:30.0328 4584 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 22:10:30.0366 4584 Wlansvc - ok 22:10:30.0403 4584 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:10:30.0420 4584 WmiAcpi - ok 22:10:30.0441 4584 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:10:30.0480 4584 wmiApSrv - ok 22:10:30.0507 4584 WMPNetworkSvc - ok 22:10:30.0528 4584 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:10:30.0560 4584 WPCSvc - ok 22:10:30.0600 4584 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:10:30.0644 4584 WPDBusEnum - ok 22:10:30.0679 4584 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:10:30.0740 4584 ws2ifsl - ok 22:10:30.0755 4584 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 22:10:30.0794 4584 wscsvc - ok 22:10:30.0799 4584 WSearch - ok 22:10:30.0892 4584 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 22:10:30.0995 4584 wuauserv - ok 22:10:31.0050 4584 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:10:31.0112 4584 WudfPf - ok 22:10:31.0154 4584 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:10:31.0192 4584 WUDFRd - ok 22:10:31.0255 4584 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:10:31.0301 4584 wudfsvc - ok 22:10:31.0356 4584 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 22:10:31.0430 4584 WwanSvc - ok 22:10:31.0526 4584 ================ Scan global =============================== 22:10:31.0573 4584 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 22:10:31.0621 4584 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 22:10:31.0630 4584 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 22:10:31.0653 4584 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 22:10:31.0690 4584 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 22:10:31.0696 4584 [Global] - ok 22:10:31.0696 4584 ================ Scan MBR ================================== 22:10:31.0737 4584 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:10:33.0423 4584 \Device\Harddisk0\DR0 - ok 22:10:33.0425 4584 ================ Scan VBR ================================== 22:10:33.0473 4584 [ BBE5C7E79D4B776E1B6DE658556A8617 ] \Device\Harddisk0\DR0\Partition1 22:10:33.0477 4584 \Device\Harddisk0\DR0\Partition1 - ok 22:10:33.0508 4584 [ 57C5940D19084A075A8659F7E528A353 ] \Device\Harddisk0\DR0\Partition2 22:10:33.0510 4584 \Device\Harddisk0\DR0\Partition2 - ok 22:10:33.0511 4584 ============================================================ 22:10:33.0511 4584 Scan finished 22:10:33.0511 4584 ============================================================ 22:10:33.0524 2320 Detected object count: 2 22:10:33.0524 2320 Actual detected object count: 2 22:11:10.0746 2320 BlueSoleilCS ( UnsignedFile.Multi.Generic ) - skipped by user 22:11:10.0746 2320 BlueSoleilCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:11:10.0746 2320 BsHelpCS ( UnsignedFile.Multi.Generic ) - skipped by user 22:11:10.0746 2320 BsHelpCS ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
27.12.2012, 15:56
| #7 | |
| /// Malware-holic | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.12.2012, 09:40
| #8 |
| | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hi Danke f die Hilfe, anbei das Logfile lg 7hofer |
|
28.12.2012, 14:52
| #9 |
| /// Malware-holic | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hi, lade den CCleaner standard: CCleaner Download - CCleaner 3.26.1888 falls der CCleaner bereits instaliert, überspringen. öffnen, Tools,uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.12.2012, 15:36
| #10 |
| | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hi anbei die Liste lg 7hofer |
|
28.12.2012, 18:59
| #11 |
| /// Malware-holic | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Amazon Audacity AVS : alle CD-LabelPrint Corel Desktop Icon Deutschland Patente eBay eSobi Google Toolbar Java 2 Java 7 downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: McAfee Nikon Nokia : alle PC Connectivity SAMSUNG WavePad Windows Live : alle Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.12.2012, 19:48
| #12 |
| | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hi, danke für deine Hilfe, anbei der Inhalt der Datei. # AdwCleaner v2.104 - Datei am 31/12/2012 um 19:47:35 erstellt # Aktualisiert am 29/12/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Christian - CHRISTIAN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Christian\Desktop\adwcleaner(1).exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v14.0.1 (de) Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\wm32e4ew.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\hbmif147.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1121 octets] - [31/12/2012 19:47:35] ########## EOF - C:\AdwCleaner[R1].txt - [1181 octets] ########## |
|
02.01.2013, 20:36
| #13 |
| /// Malware-holic | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hi lösche deine Version des adwcleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.01.2013, 09:06
| #14 |
| | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hi anbei die Antwort. Vielen Dank f deine Unterstützung. lg 7hofer # AdwCleaner v2.104 - Datei am 04/01/2013 um 08:59:31 erstellt # Aktualisiert am 29/12/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Christian - CHRISTIAN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Christian\Desktop\adwcleaner(2).exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v14.0.1 (de) Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\wm32e4ew.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\hbmif147.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1250 octets] - [31/12/2012 19:47:35] AdwCleaner[S1].txt - [1183 octets] - [04/01/2013 08:59:31] ########## EOF - C:\AdwCleaner[S1].txt - [1243 octets] ########## |
|
04.01.2013, 14:53
| #15 |
| /// Malware-holic | Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen Hi teste bitte, wie der PC + Browser und andere Programme laufen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen |
| administrator, angriff, anti-malware, appdata, autostart, bösartige, dateien, dsgsdgdsgdsgw.pad, erfolgreich, exploit.drop.gsa, explorer, gelöscht, gen, griff, hinweise, microsoft, minute, quarantäne, registrierung, roaming, runctf.lnk, service, speicher, startup, troja, trojaner, unterstützung, version, wgsdgsdgdsgsd.dll |
Linear-Darstellung
